Making an OAuth or OIDC consent decision using access policy
We can use an access policy to prompt the user to enter further information via a web page or redirect the user to another website. This logic could be used to perform the consent step when advanced logic beyond "prompt once", "always prompt", or "never prompt" is required.
This advanced logic is not defined here. It is assumed that, as a result of it, the author of the policy can decide whether the user has consented and, if they have consented, which scopes the user has granted the client.
The following snippet can be used to set the list of scopes consented:
// Get the protocol Context:
var pctx = context.getProtocolContext();
// Construct our array of scopes
var scopes = java.lang.reflect.Array.newInstance(java.lang.String,2);
// Set the values
scopes[0] = "scope1";
scopes[1] = "scope2";
// Add this to the context
pctx.setConsentDecision(scopes);
If consent has been performed but no scope was granted, then the following snippet can be used:
// Get the protocol Context:
var pctx = context.getProtocolContext();
var scopes = java.lang.reflect.Array.newInstance(java.lang.String,1);
scopes[0] = "";
// Add this to the context
pctx.setConsentDecision(scopes);
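One way to derive the scope list handed to setConsentDecision, as an added example that is not part of the original documentation: it grants only scopes that the client requested and the user approved, and falls back to the single empty string when nothing was granted. The names grantedScopes, recordConsent and stubProtocolContext are hypothetical, as is the assumption that the requested and user-submitted scopes are already available as arrays of strings.

```javascript
// Added example; grantedScopes, recordConsent and stubProtocolContext are
// hypothetical names, not part of the product API.

// Scope token syntax (RFC 6749, section 3.3): printable ASCII without
// space, double quote or backslash.
var SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/;

// requested: scopes the client asked for.
// submitted: scopes the user approved on the consent page, or null when
//            the user has not answered yet (assumption of this example).
// Returns null (no decision yet), [""] (consented, nothing granted), or the
// de-duplicated subset of requested scopes that the user approved.
function grantedScopes(requested, submitted) {
  if (submitted === null || submitted === undefined) {
    return null;
  }
  var allowed = {};
  requested.forEach(function (s) {
    if (SCOPE_TOKEN.test(s)) { allowed[s] = true; }
  });
  var granted = [];
  submitted.forEach(function (s) {
    s = String(s).trim();
    // User-controlled values are honoured only if the client requested them.
    if (allowed.hasOwnProperty(s) && granted.indexOf(s) === -1) {
      granted.push(s);
    }
  });
  return granted.length > 0 ? granted : [""];
}

// Records the decision on the protocol context. Inside the policy engine the
// list would first be copied into a Java String array as in the snippets above.
function recordConsent(pctx, scopes) {
  if (scopes === null) { return false; }   // still waiting for the user
  pctx.setConsentDecision(scopes);
  return true;
}

// Constructed stand-in for the protocol context so the example runs offline.
function stubProtocolContext() {
  return {
    decision: undefined,
    setConsentDecision: function (a) { this.decision = a; }
  };
}
```
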